
Latest News

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to

The Hacker News
Scammers advertise fake AppleCare+ service via GitHub repos

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

NCA Arrests Teenager in Walsall Over TfL Cyber Attack

A recent National Crime Agency (NCA) investigation led to the arrest of a teenager in Walsall, England, linked…

GHSA-wf9g-c67g-h4ch: MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.

GHSA-7vhj-pfwv-hx3w: MindsDB Deserialization of Untrusted Data vulnerability

Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.

GHSA-7vhh-gfjc-x8rm: MindsDB Deserialization of Untrusted Data vulnerability

Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.

GHSA-q9r8-89xr-4xv4: MindsDB Deserialization of Untrusted Data vulnerability

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.

GHSA-fr9q-rgwq-g5r5: MindsDB Deserialization of Untrusted Data vulnerability

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.

GHSA-8cm9-rrgc-4pcj: Cleanlab Deserialization of Untrusted Data vulnerability

Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.

GHSA-32fj-r8qw-r8w8: MindsDB Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.